GDPR Statement

Last updated: November 6 2023

1. Introduction

At (Great Chat SL), Company NumberB56221732, we are committed to ensuring the privacy and protection of personaldata for our customers and users of the service. We recognize the importance of complying with the General Data Protection Regulation (GDPR) and take appropriate measures to ensure the security and confidentiality of the data we collect, process, store, and transmit.

2.Data Collection and Processing

Data Collection andProcessing (Great Chat SL) obtains information and data to provide services to its clients either directly from the client or from users of the service. Data is collected on a daily basis to ensure the smooth functioning of our services.

3.Data Processing Procedures (Great Chat SL) obtains information and data to provide services to its clients either directly from the client or from users of the service. Data is collected on a daily basis to ensure the smooth functioning of our services.

4. Data Retention and Deletion

The data retention period extends no longer than until the withdrawal of consent or the expiry of the limitation period for claims arising from contractual agreements. We have procedures in place to ensure the secure deletion of information in accordance with GDPR requirements.

5. Data Storage and Security

The specific location of data storage is not provided in this statement. Enterprise clients can choose a geographic location of a dedicated server as part of the services provided by We implement appropriate network perimeter IT security protection measures, such as firewalls, intrusion prevention systems(IPS), email/web filtering, DMZ, VLANs, and electronic backups, to safeguard against unauthorized access or use of our applications hosted on our cloud servers provided by DigitalOcean (read more: We maintain internal IT systems security protection measures, including antivirus software and restricted access to personal data for authorized personnel only.

6. Vendor Compliance and Policies

Our vendor's business procedures relating to the services offered are compliant with GDPR. The vendor has not performed a Data Privacy compliance assessment or audit, but they ad here to GDPR regulations. The vendor maintains a written and formal organization-wideData Privacy Policy. The vendor also has a written and formal organization-wideInformation Security Policy. We conclude data processing agreements on conditions compliant with the requirements of GDPR regulations with our vendors.

7. Data Subject Rights and Data Breach Management

We have established procedures for handling data subject rights requests in accordance with GDPR provisions. Our procedures include notifying the Data Controller in case requests involve data subject information that is part of the proposed services. We have specific written procedures to handle data breaches or information security incidents, ensuring identification, investigation, mitigation, and reporting to the Data Controller within a 24-hour timeframe. There were no incidents reported in the last 12 months.

8. Data Transfer and Privacy Measures

Data transfer with customers, service providers, and third parties occurs via email or via a dedicated API connection. We regulate the aspects of transfer of personal data through electronic transfer, data transport, and control mechanisms.

9. Data Protection Management and Compliance

We implement a data protection management process that includes regular testing, assessment, and evaluation of data security measures. Responsibilities for data protection and information security are defined within the organization, and the management level is regularly informed about the status of data protection and possible risks. We ensure data protection by design and default by implementing privacy-friendly pre-settings and processing only necessary personal data. We have order or contract control measures in place to ensure that sub-processors (sub-contractors) process data in accordance with the controller's instructions. (Great Chat SL)'s commitment to GDPR compliance and protecting personal data is of utmost importance. We regularly review and update our practices to align with changes in legislation, industry best practices, and our commitment to data protection and privacy.


Contact Us

Please send your feedback, comments, requests for technical support: